Blog Posts Tagged with "Social Engineering"

The company that started out as a little search engine has grown into a behemoth that dabbles in everything from social networking to picture sharing to 3D modeling. And it plans to integrate information pulled from all of those Google services you use to learn more about you...

The main reason is people. People handle electronic data and make mistakes or do not follow policies. People are increasingly conscious that information has value – all information has some value to someone and that someone may be willing to pay...

While we often focus on how social engineering skills can be used to break into companies or otherwise obtain information that is supposed to be protected, Brad demonstrates the positive aspects of these skills, and shows how they can be put to good use...

Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. These messages may appear to be from the IRS and ask users to submit personal information...

Technology exists for monitoring and tracking of social media usage by employees. Ultimately, however, like social media itself, it comes down to people - risk can only be addressed appropriately if the individuals using social media are equipped to identify and mitigate against it...

The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...

Policy development must be constructed around conversations that will take place during an attack, and reinforced after the policy has been deployed. Re-training of individuals on security awareness will help to decrease the amount of risk involved in day-to-day operations...

Cybercriminals go where the action is - they wait for websites to get popular and then register domain names based on popular misspellings. Once the typosquatter lures you to their site, they use all types of tricks to get you to give them your personal information...

What if I want to clone a website that is the mobile version? What if I want to clone a website that checks to see if end users are Microsoft Windows users? This is where the Social Engineering Toolkit User Agent Switcher (setuas.sh) is applicable...

The human link: There is an ever-widening disparity between the sophistication of networks and the people who use them. When direct attacks on an organization’s defenses fail, cybercriminals often use social engineering toolkits to exploit unsuspecting employees...

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...

Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...

Generally, people just aren’t thinking all that much when they get these calls. Sure, people should never be asking them for their passwords, but now this. Open this file, would you? Tell me how many pages it has to verify that you got it, would you?

Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems?